I've hit a dead end with normal Apple support channels. I wrote up a radar for it (FB23333685).
I used curl -v https://developer.apple.com/forums/ on my Mac via my phone's hotspot (working) and via Spectrum (not working) (some irrelevant stuff elided to shrink post):
Working:
% curl -v https://developer.apple.com/forums/
* Host developer.apple.com:443 was resolved.
* IPv6: 2620:149:a06:f000::134, 2620:149:a06:f000::139
* IPv4: 17.253.31.140, 17.253.31.139
* Trying [2620:149:a06:f000::134]:443...
* Connected to developer.apple.com (2620:149:a06:f000::134) port 443
<elided>
> GET /forums/ HTTP/1.1
> Host: developer.apple.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 200 OK
< Server: Apple
< Date: Mon, 22 Jun 2026 23:22:30 GMT
< Content-Type: text/html;charset=utf-8
< Vary: Accept-Encoding
< Set-Cookie: oid-dev-forums=; Path=/; Domain=.apple.com; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Secure; HttpOnly
< Expires: Mon, 22 Jun 2026 23:22:29 GMT
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Service-Worker-Allowed: /
< User-Type: anonymous
< Cache-Control: private,no-cache,no-store, must-revalidate, max-age=0
< Last-Modified: Mon, 22 Jun 2026 23:22:29 GMT
< X-Content-Type-Options: nosniff
< Content-Security-Policy: <elided>
< Vary: Accept-Encoding
< X-XSS-Protection: 1; mode=block
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
< Content-Language: en-US
< X-Request-ID: 41b2b91a2a2c5e8be35787ec7b349db8
< Edge-Control: !no-store,max-age=3600
< X-Request-ID: 41b2b91a2a2c5e8be35787ec7b349db8
< Set-Cookie: myacinfo=; Path=/; Domain=.apple.com; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Secure; HttpOnly
< Set-Cookie: asc_user=; Path=/; Domain=.apple.com; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Secure
< Set-Cookie: XID=<redacted>; Path=/; Domain=.apple.com; Expires=Wed, 22 Jul 2026 23:22:29 GMT; Max-Age=2592000; Secure; HttpOnly
< Set-Cookie: df_shld_btm_prd=<redacted>; Expires=Tue, 23 Jun 2026 11:22:30 GMT; Max-Age=43200; Domain=apple.com; Path=/; SameSite=Lax; Secure
< Age: 2
< Via: https/1.1 ussea4-edge-mx-005.ts.apple.com (acdn/302.16436), https/1.1 ussea4-edge-fx-007.ts.apple.com (acdn/302.16436)
< X-Cache: miss, miss
< CDNUUID: 42f00814-9cfb-4675-a0fa-4f3aa5ba89da-2134634100
< Transfer-Encoding: chunked
< Connection: keep-alive
<
<!DOCTYPE html>
…
Failing:
% curl -v https://developer.apple.com/forums/
* Host developer.apple.com:443 was resolved.
* IPv6: (none)
* IPv4: 17.253.83.137, 17.253.83.132
* Trying 17.253.83.137:443...
* Connected to developer.apple.com (17.253.83.137) port 443
<redacted>
* SSL certificate verify ok.
* using HTTP/1.x
> GET /forums/ HTTP/1.1
> Host: developer.apple.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 403 Forbidden
< Server: Apple
< Date: Mon, 22 Jun 2026 23:16:25 GMT
< Content-Type: text/html
< Content-Length: 146
< Cache-Control: private, no-cache, no-store, max-age=0
< Age: 0
< Via: https/1.1 uslax1-edge-mx-005.ts.apple.com (acdn/302.16436), https/1.1 uslax1-edge-fx-015.ts.apple.com (acdn/302.16436)
< X-Cache: miss, miss
< CDNUUID: 4da2a4a9-3bd4-4135-b895-6b58b6d7f53b-1614544808
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>Apple</center>
</body>
</html>
* Connection #0 to host developer.apple.com left intact
The Spectrum response never reached the forums app at all — it was rejected at the edge node itself (uslax1-edge-mx-005 / uslax1-edge-fx-015, both LA-area). The working request happened to land on a Seattle-area edge (ussea4) via anycast routing. So this isn't an app-level or account-level block — it's a deny rule sitting on (or upstream of) the LA edge PoP for my specific IP.
Thing is, I don’t know how to get help on this issue.
I wrote up a radar for it FB23333685.
Thanks for filing this bug. I’m not able to go into too much detail here, but suffice to say that forums has recently rolled out additional security checks and we’ve seen a number of false positives like this one. We’ll use the info in your bug to refine that setup.
Oh, and I’m glad to hear that you were able to use a VPN to work around the current inconvenience.
Other folks, if you encounter the same problem please file a bug about it and post the bug number here. Make sure to include:
- Your public IP addresses, v4 and v6, from one of the various “what’s my ip address” websites.
- A rough timestamp, including the time zone, of when you hit the problem.
Please post your bug number so that I can add it to our ongoing investigation.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
